Computer Science > Computers and Society

Title:
Computer Security: Competing Concepts

Abstract: This paper focuses on a tension we discovered in the philosophical part of
our multidisciplinary project on values in web-browser security. Our project
draws on the methods and perspectives of empirical social science, computer
science, and philosophy to identify values embodied in existing web-browser
security and also to prescribe changes to existing systems (in particular,
Mozilla) so that values relevant to web-browser systems are better served than
presently they are. The tension, which we had not seen explicitly addressed in
any other work on computer security, emerged when we set out to extract from
the concept of security the set values that ought to guide the shape of
web-browser security. We found it impossible to construct an internally
consistent set of values until we realized that two robust -- and in places
competing -- conceptions of computer security were influencing our thinking. We
needed to pry these apart and make a primary commitment to one. One conception
of computer security invokes the ordinary meaning of security. According to it,
computer security should protect people -- computer users -- against dangers,
harms, and threats. Clearly this ordinary conception of security is already
informing much of the work and rhetoric surrounding computer security. But
another, substantively richer conception, also defines the aims and trajectory
of computer security -- computer security as an element of national security.
Although, like the ordinary conception, this one is also concerned with
protection against threats, its primary subject is the state, not the
individual. The two conceptions suggest divergent system-specifications, not
for all mechanisms but a significant few.